Описание
The SEO 301 Meta WordPress plugin through 1.9.1 does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.9.1 (включая)
cpe:2.3:a:seo-301-meta_project:seo-301-meta:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 45%
0.00225
Низкий
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 4.8
github
почти 4 года назад
The SEO 301 Meta WordPress plugin through 1.9.1 does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
EPSS
Процентиль: 45%
0.00225
Низкий
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
CWE-79